[0cf8612b2e1e]

I am pretty ignorant of Web Assembly development.

Does Web Assembly have anything to offer me today as a consumer? Or is all of this still setting the groundwork for a future where programs are truly portable?

I have heard some rumblings that the WA machinery makes it easier to restrict access (network, files) but I do not know if those are theoretical or implemented today.

[norman784]

Basically Wasm is a virtual machine, is is very similar to JVM that is portable, but the key difference is that Wasm does not have any std nor expose any IO function, so you can build your own host (the VM) that expose functions that can be imported from the Wasm binary, that means that the Wasm binary can have access to the external world only through these functions.

Also I would say an advantage is that the binary format is not proprietary and there's a spec, so anyone could implement their own Wasm VM.

But right now is not in a good place yet, is too early and there are a lot of new functionality that is being standardized by a group (similar to W3C) and the process is very slow.

[kevingadd]

As a developer or someone shipping products, if you want robust sandboxing, WASM is probably the best option available to you right now. And there are ways to deploy it or cross-compile it for most targets.

[ngcc_hk]

Any good pointer to this direction?

[kevingadd]

https://github.com/WebAssembly/wabt/blob/main/wasm2c/README.... is a straightforward way to take an untrusted application (compiled already to wasm) and turn it into C that you can embed into your application or compile to a linkable DLL. I believe this approach has been used to sandbox untrusted libraries in production by Mozilla: https://hacks.mozilla.org/2021/12/webassembly-and-back-again...

[flohofwoe]

If implemented well you wouldn't notice it as a customer (just as you don't notice nor should care much whether your computer has an ARM or x86 CPU), so it's hard to say whether it offers anything over other solutions (unless you care about details like whether a program runs as native code or via a VM like JVM, .NET or WASM) - typically one will only notice the bad apples which then may turn into memes (like "all Electron programs are a bloated resource hungry mess, while all native applications are automatically an efficient marvel of software engineering").